﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using Microsoft.Security.Application;

namespace Web.Mvc.ModelBinders
{
    public class AntiXssModelBinder : DefaultModelBinder
    {
        protected override object GetPropertyValue(ControllerContext controllerContext, ModelBindingContext bindingContext, System.ComponentModel.PropertyDescriptor propertyDescriptor, IModelBinder propertyBinder)
        {
            var value = base.GetPropertyValue(controllerContext, bindingContext, propertyDescriptor, propertyBinder);

            if (propertyDescriptor.Attributes.OfType<AllowHtmlAttribute>().FirstOrDefault() != null && value != null)
            {
                value = HttpUtility.HtmlDecode(Sanitizer.GetSafeHtmlFragment(value.ToString()));
            }

            return value;
        }
    }
}
